Our WP got recently hacked and one of problems was that attackers used URE to give all possible rights to subscriber level. I removed that but found out that you can give single user modified rights outside of general groups. Is there any general list of such modified users? I'm worried that hackers could hide some users with admin rights between hundreds of regular users. Only problem is, that I see only way how to check to go one by one manually. And we have lots of registered users.
Or if you could point me to place in WP database, where are these personal modifications stored?